The Office of Personnel Management Hack Is Very Bad
May 11, 2016
The US Office of Personnel Management (OPM) was hacked for more than a year before it was discovered in April 2015. The personal information of 21 million current and former government employees was stolen, including their Social Security numbers and home addresses. The hack does not seem that important, unless you were or are a government employee, but the Lawfare Blog explains differently in “Why The OPM Hack Is Far Worse Than You Imagine.”
The security breach is much worse than simple identity theft, because background checks were stolen as well. It might seem that a background check is not that serious (so the hackers discovered a person got a speeding ticket?), but in reality these background checks were far more extensive than the usual as they were used for purposes of entering government mandated areas. The security clearances included information about family, sexual behavior, and risk of foreign exploitation. If that was not bad enough,
“Along with the aforementioned databases, the OPM systems are linked electronically to other agencies and databases, and it stored much of this data alongside the security clearance files. According to a 2007 White House report on OPM security clearance performance, checks of State Passport records and searches of military service records are now conducted electronically. According to this report, then, there are electronic linkages between the OPM Security Clearance files, Department of Defense service records, and State Department Passport records.”
OPM took measures to ensure future security, but they either expose whom the victims of the breach are and would allow private contractors access to sensitive data to mitigate future attacks. OPM is not willing to acknowledge these deficiencies, but would rather continue to expose the victims (and future victims) to further danger.
Whitney Grace, May 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph